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DETAILED ACTION 

1 . This action is issued in response to applicant's amendment filed November 21 , 
2007. 

2. Claims 1-4,6-24 and 26-56 are presented. Claim 56 is added and claims 5 and 
25 are cancelled. 

3. Claims 16-18 and 36-55 remain withdrawn. 

4. Claims 1-4,6-15,19-24,26-35, and 56 are pending. 

5. Applicant's arguments filed November 21 , 2007, have been fully considered but 
they are not persuasive. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-3,6-11,15,22-24,26-31,35, and 56 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Valois (US Patent Application No. 
20040260818) filed June 23, 2003, in view of Delany (US Patent Application No. 
200201 56879) filed November 30, 2001 . 

Regarding Claims 1 ,22, and 56, Valois discloses a method comprising: 
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storing authorization data that defines an access control attribute ([0058], 
lines 4-10, Valois) 1 and an associated regular expression specifying a textual 
pattern ([0057], lines 4-9, Valois). However, Valois is silent with respect to the 
access control attribute is a coarse-grain access control attribute defining access 
control rights for a resource provided by a device. On the other hand, Delany 
discloses the access control attribute is a coarse-grain access control attribute 
defining access control rights for a resource provided by a device ([01 18], 
Delany). Valois and Delany are analogous art because they are from the same 
field of endeavor of relating to a system that provides authorization compliance 
validation with a security policy. It would have been obvious to one of ordinary 
skill in the art at the time of the invention to incorporate Delany's teachings into 
the Valois system. A skilled artisan would have been motivated to combine in 
order to achieve the level of detail at which the data would have been 
considered. As a result, coarse-grain access provides higher performance 
through more optimized protocols and the data tends to work on contiguous 
regions at a time. Therefore, the combination of Valois in view of Delany, 
disclose receiving a command from a client, wherein the command requests 
access to configuration data for the resource of the device ([01 59] and [01 65], 
Delany); evaluating the command using the regular expression to determine 
whether the command matches the textual pattern ([01 18], lines 19-26, Delany); 
and controlling access to the configuration data by the client based on the 

1 Examiner Notes: Authorization data corresponds to "references" and the definition is an attribute that is 
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coarse-grain access control attribute and the evaluation of the regular expression 
([0159], lines 1-10, Delany). 

Regarding Claims 2 and 23, the combination of Valois in view of Delany, 
disclose a method wherein controlling access comprises 

allowing access to the configuration data when the access control attribute 
denies access to the resource ([0067], lines 1-4, Valois) and the textual pattern of 
the regular expression matches the command ([01 17], lines 18-20 and [01 18], 
lines19-26, Delany). 

Regarding Claims 3 and 24, the combination of Valois in view of Delany, 
disclose a method wherein controlling access comprises 

denying access to the configuration data when the access control attribute 
grants access to the resource ([0067], lines 5-9, Valois) and the textual pattern of 
the regular expression matches the command ([01 17], lines 18-20 and [01 18], 
lines19-26, Delany). 

Regarding Claims 6 and 26, the combination of Valois in view of Delany, 
disclose a method wherein the coarse-grain access control attribute comprises a 



part of the Access Control List (ACL). 
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set of permission bits, and each of the permission bits is associated with a 
respective group of the resources ([0161], lines 3-5, Delany). 



Regarding Claims 7 and 27, the combination of Valois in view of Delany, 
disclose a method further comprising receiving the command from the client via a 
command line interface ([0199], lines 2-1 1 , Delany) 2 . 

Regarding Claims 8 and 28, the combination of Valois in view of Delany, 
disclose a method wherein evaluating the command comprises evaluating the 
command in real-time ([0383], lines 9-14, Delany) while the client inputs the 
command via the command line interface ([0199], lines 2-11, Delany). 

Regarding Claims 9 and 29, the combination of Valois in view of Delany, 
disclose a method wherein the configuration data is arranged in the form of a 
multi-level configuration hierarchy having a plurality of objects (Fig. 5, [0142], 
lines 1-2, Delany), and each of the objects represents a portion of the 
configuration data that relates to one or more resources of the device ([0142], 
lines 2-5, Delany). 



2 Examiner Notes: Receiving the command from a client corresponds to "a user can request..." and the 
interface corresponds to "GUI". 
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Regarding Claims 1 0 and 30, the combination of Valois in view of Delany, 
disclose a method wherein the objects have respective textual labels ([0143], 
lines 1-4, Delany) and the regular expression defines the textual pattern to match 
the textual labels ([0057], lines 4-9, Valois) of a set of one or more of the objects 
within the configuration hierarchy (Fig. 5, Delany). 

Regarding Claims 1 1 and 31, the combination of Valois in view of Delany, 
disclose a method wherein evaluating the command comprises applying the 
regular expression to the command ([0099], lines 1-7, Valois) to determine 
whether the command specifies any of the objects within the set ([0142], lines 2- 
5, Delany). 

Regarding Claims 15 and 35, the combination of Valois in view of Delany, 
disclose a method wherein controlling access comprises controlling access to 
configuration data of a router ([0053], lines 6-10, Valois). 

8. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Valois (US Patent Publication No. 2004/0260818) filed June 23, 2003, as applied to 
claims 1-3,15,22-24, and 35 above, and further in view of Mitra (US Patent No. 
6,973,460) filed November 26, 2002. 
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Regarding Claim 4, Valois discloses a method for storing authorization 
data ([0058], lines 4-10, Valois). However, Valois does not explicitly disclose 
storing the authorization data as a class that conforms to a class syntax. On the 
other hand, Mitra discloses storing the authorization data as a class that 
conforms to a class syntax (column 8, lines 7-18, Mitra). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to 
incorporate Mitra's teaching into the Valois system. A skilled artisan would have 
been motivated to combine the two references as suggested by Mitra (column 7, 
lines 48-52), in order for the classes to be annotated such that, at run-time, 
useful information about how the data is organized for each of the various ways 
of storing the data (i.e. configuration) may be extracted from the annotations. As 
a result, this allows for various services to perform operations in accordance with 
the information. 

9. Claims 12-14,19-21, and 32-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Valois (US Patent Publication No. 2004/0260818) June 23, 2003, 
in view of Delany (US Patent Publication No. 2002/0156879) filed November 30, 
2001, and further in view of Nelson (US Patent No. 6,243,713) filed August 24, 
1998. 

Regarding Claims 12 and 32, the combination of Valois in view of Delany, 
disclose a method further comprising to automatically insert one or more meta- 
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characters into the regular expression ([0451-0453], lines 1-7, Delany) based on 
the hierarchical arrangement of the configuration data (Fig. 5, Delany). However, 
Valois in view of Delany, do not explicitly disclose pre-processing the regular 
expression. On the other hand, Nelson discloses pre-processing the regular 
expression (column 10, lines 39-50, Nelson). It would have been obvious to one 
of ordinary skill in the art at the time of the invention to incorporate Nelson's 
teachings into the Valois in view of Delany system. A skilled artisan would have 
been motivated to combine the two references as suggested by Nelson (column 
9, lines 60-65), in order to convert component data into a list of distinctive objects 
that represent the original data of the component, this is understood to. perform 
data reduction. Pre-processing remove any non-essential information that does 
not substantially add to the quality of the system. As a result, pre-processing 
saves the system time and space for capacity. 

Regarding Claims 13 and 33, the combination of Valois in view of Delany 
and further in view of Nelson, discloses a method further comprising: 

pre-processing the regular expression (column 10, lines 39-50, Nelson) so 
that the command is evaluated with the regular expression in real-time ([0383], 
lines 9-14, Delany) as the client enters the command ([0199], lines 2-11, Delany). 
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Regarding Claims 14 and 34, the combination of Valois in view of Delany 
and further in view of Nelson, discloses a method wherein evaluating the 
command comprises evaluating the command with the pre-processed regular 
expression each time the client enters a token indicating a textual break within 
the command (column 17, lines 35-40, Nelson). 

Regarding Claim 19, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method comprising: 

receiving input ([0056], lines 3-7, Valois) defining an access control 
attribute ([0058], lines 4-10, Valois) and an associated regular expression that 
specifies a textual pattern ([0057], lines 4-9, Valois); 

pre-processing the regular expression (column 10, lines 39-50, Nelson) to 
automatically insert one or more meta-characters into the regular expression 
([0451-0453], lines 1-7, Delany); 

evaluating a command in real-time using the regular expression ([0383], 
lines 9-14, Delany) as a client enters the command via a command line interface 
([0199], lines 2-11, Delany); and 

controlling access to configuration data of a device based on the 
evaluation ([0066], lines 1-9, Valois). 
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Regarding Claim 20, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method further comprising storing the 
configuration data in the form of a multi-level configuration hierarchy having a 
plurality of objects (Fig. 5, [0142], lines 1-2, Delany), wherein pre-processing the 
regular expression comprises automatically inserting one or more meta- 
characters into the regular expression ([0451-0453], lines 1-7, Delany) based on 
- the hierarchical arrangement of the configuration data (Fig.5, Delany).) 

Regarding Claim 21, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method wherein the regular expression 
defines a textual pattern that identifies one or more of the objects within the 
configuration hierarchy, and evaluating the command comprises: 

applying the regular expression in real-time ([0383], lines 9-14, Delany) to 
determine whether a portion of the command that has been entered by the client 
matches the textual pattern ([0064], lines 1-5,Valois); and 

selectively allowing the client to complete the command based on the 
determination ([01 99], lines 2-1 1 , Delany). 



Response to Arguments 
Applicant argues, Valois and Delany fail to teach "storing authorization 
data that defines both access control attribute and an associated regular 
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expression specifying a textual pattern, wherein the access control attribute is a 
coarse-grain access control attribute defining access control rights for a 
resource provided by a device". 

Examiner respectfully disagrees. As stated in the action above, Valois discloses 
a system wherein tests are performed, such as pattern-matching techniques, which are 
exemplified within a test program. The test program has an example of a pattern- 
matching technique such as a Global Regular Expression Print searching, which 
searches files by keyword followed by a string comparison. Also, another test program 
is performed for contextual parsing techniques, which is used to extract all references of 
access control lists in a configuration file. The definitions and references of the access 
control lists are stored in a set of data structures. The set of definitions and references 
are examples of attributes of the access control list (see [0057-0058]). Valois also 
teaches wherein the test programs discussed are found within a test scripts database, 
which contains a collections of test scripts or expert rules that expresses a security 
characteristic or policy (see [0055]). Further, Valois discusses the security policy 
requiring that all ACL definitions must be references and that all ACL references must 
be defined, which therefore requires a comparison of definitions versus references of 
any kind of object. As such the validation engine extracts from the configuration 
repository database one or more references and one or more definitions involving an 
ACL and then performs comparison matching to whether the set of ACLs references 
exactly matches the set of ACLs defined. If so, the program outputs a "pass" result and 
if not, the program outputs a "fail" result (see [0064-0067]). Therefore, the test scripts 
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perform various tests for security purposes, representing authorization data; and the 
different test programs discussed are located within the test scripts are representations 
of authorization data defining an access control attribute and associated regular 
expression specifying a textual pattern. Next, Delany disclosed "Authentication and 
Authorization decisions are based on policy domains and policies. A policy domain is a logical 
grouping of Web Server host /D's, host names, URL prefixes, and rules. Host names and URL 
prefixes specify the course-grain portion of the web name space a given policy domain protects. 
Rules specify the conditions in which access to requested resources is allowed or denied, and 
to which end users these conditions applf (see [01 18]). As such, the combination of the 
references disclose the above-argued limitation. 

Applicant argues, Valois and Delany fail to teach "receiving a command 
from a client, wherein the command requests access to configuration data for the 
resource of the device". 

Examiner respectfully disagrees. Delany teaches a user requesting to configure 
rights to access attributes, wherein the user may select any of the configuration tabs 
and the system determines whether the user is allowed to configure rights to access 
attributes. The Configure Tab allows a user to configure various options for User 
Manager, but the user must have sufficient privileges to access the tab. If the user is 
allowed access, the user can perform attribute access control, which includes 
controlling who has view and modify permissions for each attribute (see [0159] and 
[0165]). Also, Delany shows that the identity server determines whether the request's 
data store command is a query or a write to the data store. If the attempted access is a 
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query, the server determines whether the queried entry is already stored within the 
object (see [0346]). As such, the combination of the references disclose the above- 
argued limitation. 

Applicant argues, Valois and Delany fail to teach "evaluating the command 
using the regular expression to determine whether the command matches the 
textual pattern". 

Examiner respectfully disagrees. To begin, the Valois references previously 
discussed and taught the use of the Global Regular Expression Print (GREP) searching, 
which searches a file by keyword followed by a string comparison (see [0057]). Within 
the GREP, the searching and comparison of the keyword information corresponded to 
the evaluating of the command by regular expression to determine a match. However, 
even further, Delany disclosed the host names and URL prefixes from the policy's policy 
domain are logically concatenated with the policy's URL pattern. The overall pattern is 
compared to the incoming URL, and if there is a match, the policy's various rules are 
evaluated to determine whether the request should be allowed or denied (see [01 18]). 
The steps of concatenating, comparing, and evaluating all correspond to the evaluation 
of the command (i.e., request) that was entered in order to determine if there was a 
textual pattern. It is understood that the evaluating is using the regular expression to 
determine if the command matches. As such, the combination of the references 
disclose the above-argued limitation. 
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Applicant argues, Valois and Delany fail to teach "controlling access to the 
configuration data by the client based on the coarse-grain access control 
attribute and the evaluation of the regular expressions". 

Examiner respectfully disagrees. Delany teaches that the access is controlled 
dependent upon who has view and modify permissions to the attribute information 
within the configure tab. If the user has permission they are allowed to access such 
configuration data, however if they are denied then the user does not have access (see 
[0118] and [0159]). 

Applicant argues Valois, Delany, and Nelson, fail to teach "pre-processing 
the regular expression to automatically insert one or more meta-characters into 
the regular expression". 

Examiner respectfully disagrees. Nelson teaches text pre-processing operations, 
which are affected by a text pre-processing module. The input text pre-processing is a 
text component and the output is a set of text tokens with reference data. Text pre- 
processing (1 ) tokenizes the text, which divides the text into tokens, (2) reduce suffixes, 
which reduces words to simpler forms, (3) recognize idioms, which special sequences 
of token are recognized by matching the sequences against a dictionary of special 
sequences, (4) normalize dates, (5) normalize numbers, and (6) remove stop words 
(see cols. 10-1 1, lines 39-67 and 1-28). Nelson also teaches token expansions which 
are used from the pre-processing of the user's input query, wherein the first step looks 
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for expansion operators whether directly embedded in the query by the user, or selected 
via a gui. For example, in one embodiment the exclamation mark is used to invoke 
semantic expansion, and the tilde is used to invoke fuzzy spelling expansion. The user 
inserts these expansion operators directly into the input query. For words which have 
user-specified patterns, such as regular expressions, the list of tokens is scanned and 
checked against the pattern (see cols. 16-17, lines 55-67 and 1-40). As such, the 
preceding explanation completely discloses the above-argued limitation. 

Applicant argues the references fail to teach "evaluating a command in 
real-time using the regular expression as a client enters the command via a 
command line interface ". 

Examiner respectfully disagrees. Delany discloses the user being able to enter a 
request via a GUI (see [01 19] and [0383]). The examiner understands that the 
command line interface is text based, however, a GUI is also text based along with 
graphic abilities. Therefore, a command line interface is integrated with the GUI, with 
the benefits of both. 

Applicant argues, Valois and Delany fail to teach "wherein the coarse-grain 
attribute comprises a set of permission bits, and each of the permission bits is 
associated with a respective group of the resources". 

Examiner respectfully disagrees. Delany discusses "Attribute access control 
includes controlling who has view and modify permissions for each attribute in group identity 



Application/Control Number: 10/628,885 Page 16 

Art Unit: 2161 

profiles. Additionally, e-mail notification lists can be created which are used to notify entities 
when a change to an attribute is requested. Administration tasks can be delegated to local 
administrators. An entity can choose what rights to delegate, who to delegate to, and what the 
scope of the delegation is." (see [0161]). Where bits are assigned to the particular 
resource dependent upon its permission. 

Points of Contact 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chelcie Daye whose telephone number is 571-272- 
3891 . The examiner can normally be reached on M-F, 7:00 - 4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Apu Mofiz can be reached on 571-272-4080. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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